Embodiments of the present invention are directed to systems, apparatuses and methods for processing payment transaction data, and more specifically, to the real-time processing of transactions as part of a transaction authorization process. Embodiments of the invention utilize a set of transaction decline rules to identify potentially fraudulent or otherwise undesirable transactions and to assist in deciding whether to authorize (approve) or decline a transaction. Embodiments of the invention may be used for multiple types of transactions, including, but not limited to, electronic or E-Commerce payment transactions, ATM (automated teller machine) transactions, money transfer transactions, etc. Further, embodiments of the invention may be used to generate a set of customized rules for a client or institution based on a common set of transaction processing rules that are applied to a group of clients or institutions. In some embodiments, the customized set of rules may be obtained by selecting a set of rules to be used for evaluating transactions and determining if those rules produce results that fall within a desired range of false positive ratio values for the client when applied to previously processed transactions. Embodiments of the invention may be used both as part of a transaction authorization process for proposed transactions and as part of a fraud analysis performed on completed transactions.
Consumer payment devices such as debit cards or credit cards are used by millions of people worldwide to facilitate various types of commercial transactions. In a typical transaction involving the purchase of a product or service at a merchant location, the payment device is presented at a point of sale terminal (“POS terminal”) located at a merchant's place of business. A consumer may also initiate a transaction by providing payment data from a remote location to a merchant over a network such as the Internet. Transactions of this type are typically initiated using a computing device such as a personal computer or laptop computer. Transactions may also be initiated by using a mobile device such as a cell phone or personal data assistant (PDA) that communicates with a merchant or service provider directly or indirectly over a wireless network.
Given the large number of transactions and amounts of money involved, the detection and prevention of fraud is an important consideration of any transaction processing system. In order to address this problem, payment processors and others involved in authorizing a transaction have developed data analysis tools designed to identify fraudulent behavior within an individual account and over a set of transactions as a whole. These tools are used as a form of transaction risk analysis to provide an Issuer with an estimate or indicator of the risk associated with a specific transaction. This allows the Issuer to consider the risk involved prior to authorizing the transaction. If the risk analysis indicates an unacceptable level of risk for a particular transaction, then the Issuer can refuse or deny the transaction. This prevents the consumer from being able to complete the transaction with a merchant. Typically, the risk analysis is implemented in the form of rules, where if a transaction satisfies the conditions of a rule, it is considered to be a fraudulent transaction (or at least one deserving of further scrutiny, such as conditioning the completion of the transaction on satisfaction of an additional requirement).
Although present forms of risk analysis provide a benefit to the parties involved in transactions, such transaction data processing tools do have disadvantages, particularly in terms of their use for real-time processing of transactions. It is desirable to provide a real-time transaction processing capability for a relatively large group of clients (e.g., merchants or service providers), as a way of identifying potentially fraudulent transactions before they are completed. This requires that decisions on whether to approve or decline a transaction need to be made relatively quickly in order to prevent a backlog of transactions and to maintain a positive user experience. However, because each client has their own specific way of operating their business or providing services, they may identify a fraudulent transaction based on conditions, variables or characteristics that are unique to their business. This means that in order to be most effective, each client may desire that transactions with that client be subject to its own set of transaction authorization or decline rules that are customized to its business.
However, this goal may not be practical as transaction processing systems typically have a rule base that is fixed in size to optimize the use of the data processing and data storage resources. Thus, for a large set of clients, a customized rule base may not be practical to implement and may require excessive data processing resources to utilize. Another problem with implementing a customized rule base is that of managing the rule base as it grows in size or as the number of clients increases. It is important to maintain only those rules in the rule base that produce a desired level of performance in order to optimize the use of processing resources and data storage capacity. This can become a significant logistics problem when managing a customized rule base for a large number of clients. Therefore, it would be desirable to be able to implement real-time processing of transactions using a common or partially common rule base for an entire set of clients, where that rule base is able to provide a level of customization for each client that is acceptable to that client.
What is desired is a system, apparatus and method for providing real-time payment transaction authorization processing for a large set of clients using a common or partially common rule base. It is also desired to have an effective method of managing the rule base based on performance criteria that produce satisfactory results for each of the set of clients. It is also desired to have an efficient and effective process for identifying fraud in previously completed payment transactions. Embodiments of the invention address these problems and other problems individually and collectively.